commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Tompkins <chtom...@gmail.com>
Subject [text] 1.0 release progress.
Date Fri, 30 Dec 2016 14:40:20 GMT
Hello all,

Personally, I would like to resolve the TEXT-36 and TEXT-42 Jira tickets before proceeding
with the release, but I wanted to check to see if anyone else has any opinions on what work
needs to be completed before the release.

Regarding TEXT-36: 'Dependency on “Commons RNG” ‘, I’m relatively indifferent here,
I just want some other’s to weigh in as to their thoughts before deciding to leave in the
dependency and making more progress on the best pattern after the 1.0 release.

Regarding TEXT-42: '[XSS] Possible attacks through StringEscapeUtils.escapeEcmaScript?’,
I think we should minimally include something in the javadoc directly stating that with the
string '\"' and the output will be '\\\”’ and to be careful using the method from a security
perspective. I think maximally we should implement a distinct method that accommodates ECMA
script escaping with security being the primary focus of the method, but it feels like this
could wait to be included down the road.

For the other tickets, they did not seem to me to be quite as pressing as these, but I’m
open to ensuring whatever gets resolved prior to releasing. I mainly just want a second set
of eyes on the list of Jira’s before proceeding.

Cheers and happy new year,
-Rob
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message